将公钥和私钥存储在数据库或密钥库中

发布于 2024-09-08 04:20:07 字数 121 浏览 10 评论 0原文

我正在制作一个网络服务,它将存储数据库表中每条记录的公钥和私钥。

密钥是使用 Java 制作的,但我不确定是否要创建密钥库或将密钥直接放入数据库中的字段中。

您会推荐什么选项?每种方法有什么好处?

I am making a web service that will store public and private keys for each record in a database table.

The keys are made using Java, but I am unsure weather to create a keystore or place the keys inside fields in the databbase directly.

What option would you recommend and what are the benefits of each method?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

人生百味 2024-09-15 04:20:07

如果您使用密钥库,您将使用一个专门用于保存加密项目(例如密钥和证书)的数据库。

只要有可能,您就不应该尝试重新发明轮子。密钥库足以解决您的问题吗?如果您尝试设计自己的数据库来存储这些工件,您将不得不重新解决在创建数据库(例如 Java 的密钥库)时已经考虑到的问题。

If you use a keystore, you'll be using a database that has been designed to keep encrypted items, such as keys and certificates.

Wherever possible, you shouldn't try and re-invent the wheel. Will a keystore suffice in your problem? If you try and design your own database for storing these artefacts, you're going to have to re-solve problems and issues which were taken into account already when creating databases such as Java's keystore.

心的憧憬 2024-09-15 04:20:07

您可以为通过 http 发送数据的现有实现提供密钥库,这将获取密钥库并执行所有必要的操作,因此您无需这样做。
对于服务器端身份验证,这将是一个 keystore = KeyStore.getInstance("JKS"),其中包含所有受信任的证书。

对于客户端身份验证,如果适用(您需要自己验证),这样的实现也已经存在
您只需提供您的客户“密钥库”=>这个将包含您的证书及其私钥 => KeyStore.getInstance("PKCS12")

最后你想将这些东西存储到数据库中,这里有点棘手..密钥库是安全的,所以你不能只是把它写掉..你必须使用 keystore.store( OutPutstream,密码)..

我发现最好的是例如:

@Entity
public class MyKeyStoreClass {
private Long id;
@Transient
private KeyStore keystore;
private String passwordForKeyStore;
private Byte[] keyStoreAsBytes;

@PreUpdate
@PrePersist
public void concertKeyStoreToBytes() {
   ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keystore.store(byteArrayOutputStream,
                passwordForKeyStore.toCharArray());
   keyStoreAsBytes = byteArrayOutputStream.toByteArray();
}

@PostLoad
public void getKeyStore() {
   if (keystore == null && keyStoreAsBytes != null) {
      keyStore = KeyStore.getInstance(getKeystoreType().getType());
      keyStore.load(new ByteArrayInputStream(keystoreAsBytes), passwordForKeyStore.toCharArray()); 
   }    
}

上面的代码不是100%正确,但它让你很好地理解我的意思,如果你不使用注释,你可以使用另一个方法,但我认为我的观点很清楚;)

You can provide keystores to already existing implementations for data sending over http, which will fetch the keystore and perform all the necessary stuff so you don't have to.
For server-side authentication this would be a keystore = KeyStore.getInstance("JKS"), containing all the trusted certificates.

For client-side authentication, if applicable (you need to verify yourself) also such implementation already exist
where you just provide your client 'keystore' => this one will contain your certificate and it's private key => KeyStore.getInstance("PKCS12")

Then finally you want to store these stuff to database, here it gets a bit tricky.. Keystores are secured, so you can not just write it away.. you have to use the keystore.store(OutPutstream, password)..

What I find best is for instance:

@Entity
public class MyKeyStoreClass {
private Long id;
@Transient
private KeyStore keystore;
private String passwordForKeyStore;
private Byte[] keyStoreAsBytes;

@PreUpdate
@PrePersist
public void concertKeyStoreToBytes() {
   ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        keystore.store(byteArrayOutputStream,
                passwordForKeyStore.toCharArray());
   keyStoreAsBytes = byteArrayOutputStream.toByteArray();
}

@PostLoad
public void getKeyStore() {
   if (keystore == null && keyStoreAsBytes != null) {
      keyStore = KeyStore.getInstance(getKeystoreType().getType());
      keyStore.load(new ByteArrayInputStream(keystoreAsBytes), passwordForKeyStore.toCharArray()); 
   }    
}

The above code is not 100% correct, but it gives you a good idea of what I mean, If you don't work with annotations, you can do it using another approach but I think my point is clear ;)

煮茶煮酒煮时光 2024-09-15 04:20:07

为什么每条记录都有私钥?这是非常奇怪的设计。私钥通常由实体(例如人)或代表他们的服务器持有。

Why does each record have a private key? This is very strange design. Private keys see generally held by entities, e.g. People, or servers acting on their behalf.

不再让梦枯萎 2024-09-15 04:20:07

您可以有一个数据库来存储用户信息而不是密钥,对于密钥,最好使用密钥库。因此 userinfo 可能包含 {name, symmetry pass / hash, ...} 并使用该名称您应该能够识别密钥库中的密钥记录。再次记住,不要使用全局(用户,通行证)来读取密钥库,而是使用用户授予。

you can have a database to store userinfo not keys, for keys it is better to use keystore. so userinfo may contain {name, symmetric pass / hash, ...} and using the name you should be able to identify the key-record in the keystore. Again remember, do not use a global (user,pass) to read the keystore, use the user grant instead.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文